AC-10982::[2FA] Integrate with Duo Web SDK to support Universal Prompt-fixes for unit static and integration tests

Author: glo05363

TwoFactorAuth/Block/Provider/Duo/Auth.php

@@ -59,32 +59,22 @@ public function __construct(
      */
     public function getJsLayout()
     {
-        $duoFailMode = $this->duoSecurity->getDuoFailmode();
-        try {
-            $this->duoSecurity->healthCheck();
-        } catch (LocalizedException $e) {
-            if ($duoFailMode === "OPEN") {
-                $this->messageManager->addSuccessMessage(
-                    __("Login 'Successful', but 2FA Not Performed. Confirm Duo client/secret/host values are correct")
-                );
-                return $this->_url->getUrl('adminhtml/dashboard');
-            } else {
-                $this->messageManager->addErrorMessage(
-                    __("2FA Unavailable. Confirm Duo client/secret/host values are correct")
-                );
-                return $this->_url->getUrl('adminhtml');
-            }
-        }
-
         $user = $this->session->getUser();
         if (!$user) {
             throw new LocalizedException(__('User session not found.'));
         }
         $username = $user->getUserName();
         $state = $this->duoSecurity->generateDuoState();
         $this->session->setDuoState($state);
-        $prompt_uri = $this->duoSecurity->initiateAuth($username, $state);
-        $this->jsLayout['components']['tfa-auth']['authUrl'] = $prompt_uri;
+        $response = $this->duoSecurity->initiateAuth($username, $state);
+
+        if ($response['status'] == 'open') {
+            $this->messageManager->addErrorMessage($response['message']);
+        } elseif ($response['status'] == 'closed') {
+            $this->messageManager->addErrorMessage($response['message']);
+        }
+
+        $this->jsLayout['components']['tfa-auth']['authUrl'] = $response['redirect_url'];
         return parent::getJsLayout();
     }
 }

TwoFactorAuth/Model/Provider/Engine/DuoSecurity.php

@@ -8,6 +8,7 @@
 
 namespace Magento\TwoFactorAuth\Model\Provider\Engine;
 
+use Duo\DuoUniversal\DuoException;
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Framework\DataObject;
 use Magento\Framework\UrlInterface;
@@ -182,7 +183,12 @@ private function getSkey(): string
     }
 
     /**
-     * @inheritDoc
+     * Verify the user
+     *
+     * @param UserInterface $user
+     * @param DataObject $request
+     * @return bool
+     * @throws \Duo\DuoUniversal\DuoException
      */
     public function verify(UserInterface $user, DataObject $request): bool
     {
@@ -226,15 +232,43 @@ public function isEnabled(): bool
     }
 
     /**
-     * Generate URI to redirect to for the Duo Universal prompt.
+     * Initiate authentication with Duo Universal Prompt
      *
      * @param string $username
      * @param string $state
-     * @return string
+     * @return array
+     * @throws \Duo\DuoUniversal\DuoException
      */
-    public function initiateAuth($username, string $state): string
+    public function initiateAuth($username, string $state): array
     {
-        return $this->client->createAuthUrl($username, $state);
+        $duoFailMode = $this->getDuoFailmode();
+        try {
+            $this->healthCheck();
+        } catch (DuoException $e) {
+            if ($duoFailMode === "OPEN") {
+                return [
+                    'status' => 'open',
+                    'redirect_url' => '',
+                    'message' => __(
+                        "Login 'applicable',
+                    but 2FA Not Performed. Switch to other 2FA Provider.
+                    Confirm Duo client/secret/host values are correct"
+                    )
+                ];
+            } else {
+                return [
+                    'status' => 'closed',
+                    'redirect_url' => '',
+                    'message' => __("2FA Unavailable. Confirm Duo client/secret/host values are correct")
+                ];
+            }
+        }
+
+        return [
+            'status' => 'success',
+            'redirect_url' => $this->client->createAuthUrl($username, $state),
+            'message' => __('Duo Auth URL created successfully.')
+        ];
     }
 
     /**

TwoFactorAuth/Test/Integration/Controller/Adminhtml/Duo/AuthTest.php

@@ -20,12 +20,12 @@
 class AuthTest extends AbstractConfigureBackendController
 {
     /**
-     * @inheritDoc
+     * @var string
      */
     protected $uri = 'backend/tfa/duo/auth';
 
     /**
-     * @inheritDoc
+     * @var string
      */
     protected $httpMethod = Request::METHOD_GET;
 

TwoFactorAuth/Test/Integration/Controller/Adminhtml/Tfa/ConfigureLaterTest.php

@@ -21,12 +21,12 @@
 class ConfigureLaterTest extends AbstractBackendController
 {
     /**
-     * @inheritDoc
+     * @var string
      */
     protected $uri = 'backend/tfa/tfa/configurelater';
 
     /**
-     * @inheritDoc
+     * @var string
      */
     protected $resource = 'Magento_TwoFactorAuth::tfa';
 

TwoFactorAuth/Test/Integration/Controller/Adminhtml/Tfa/IndexTest.php

@@ -26,7 +26,7 @@
 class IndexTest extends AbstractBackendController
 {
     /**
-     * @inheritDoc
+     * @var string
      */
     protected $uri = 'backend/tfa/tfa/index';
 

TwoFactorAuth/view/adminhtml/web/template/duo/auth.html

@@ -8,7 +8,7 @@
     <form>
         <fieldset class="admin__fieldset">
             <legend class="admin__legend"><span translate="'2FA - Duo Security'"></span></legend>
-            <br/>
+            <br>
             <button type="button" data-bind="click: redirectToAuthUrl, afterRender: onAfterRender">
                 Go to Duo Universal Prompt
             </button>